Unable to Access Container via SSH Access (Using v2.0)

ssh
bitbucket

#1

Hello,

as many posts have been already raised, I do have trouble connecting to my container via SSH. I am choosing a sample build that runs successfully and doing a Rerun job with SSH, bear in mind I do not see a drop down menu or a tab as per documentation, but I believe this is for v1.0. Anyways, the connection times out and it never connects. My public key is on bitbucket.org and therefore I expect CircleCI to be pushing this key to any new existing container that I build (it would be nice to be able to verify this somehow). I have tried:

  • Authenticating from my local Macbook to Bitbucket: ssh -Tv git@bitbucket.org > Success
  • Trying to SSH to the container:
  • ssh -p 64546 52.206.237.121 -vvv
  • ssh -i .ssh/id_rsa -p 64546 52.206.237.121 -vvv

Output

Any advice ? I am using the Free Version as currently we are doing a POC for the tool


#2

Could you be having firewall problems your side?

How long does the timeout take?


#3

I did think about firewall but I am not sure how this is managed from the IT. The timeout is done in probably less than 2-3 minutes.

I can spin up another container for more networking troubleshooting. But do you see anything else that can be involved ? If there is whitelisting that needs to take place, is there like a generic pool of IPs that CircleCI is using for the containers or another smart way of whitelisting ?


#4

If you are in a business environment and you’re using non-standard ports, it is almost certainly a firewall issue. I’d concentrate on that first. If you can, use a mobile phone with a data connection and try connecting via that.

You might also be able to approach IT and ask them to do a test on a non-firewalled connection.


#5

Yes… used my hotspot and it was a network issue.

I think IT is blocking the port 64537 is there a way to change that in the config ?


#6

Not as far as I know. I believe CircleCI will only have a small pool of IPs to use, so they will (temporarily) add a randomised port into their dynamic firewall rules for the duration of your SSH session. The rule will be destroyed at the end of the session. So, random ports is part of this design.

Keep on using your hotspot :smile:


#7

Q1. Do you have a reserved ranges of ports or a reserved range of IPs ? We are doing a POC so it will be hard to be using our hotspots when the whole company will be using it/

Q2: I am typing normal linux command and I get the below:whatishappening


#8

No, but I expect this would be available from a CircleCI employee. Maybe you can ask a new top-level question about that?

At a guess, turn off your SSH debug :blush:


#9

Fair point. I shall raise a topic! Thanks man :slight_smile:


#10

@halfer There is a topic for that actually and it recommends to whitelist IPs on AWS US-East and US-West


#11

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.